- name: d8-kube-dns.coredns
  rules:
  - alert: KubernetesCoreDNSHasCriticalErrors
    expr: sum by (pod) (coredns_panics_total{job="kube-dns"}) > 0
    for: 5m
    labels:
      severity_level: "5"
      tier: cluster
      d8_module: kube-dns
      d8_component: kube-dns
    annotations:
      plk_protocol_version: "1"
      plk_markup_format: "markdown"
      description: |-
        CoreDNS pod {{$labels.pod}} has at least one critical error.
        To debug the problem, look into container logs: `kubectl -n kube-system logs {{$labels.pod}}`
      summary: CoreDNS has critical errors.
- name: deckhouse.kube-dns.legacy-services
  rules:
  - alert: KubeDnsServiceWithDeprecatedAnnotation
    expr: max by (service_namespace, service_name) (d8_kube_dns_deprecated_service_annotation) == 1
    for: 5m
    labels:
      severity_level: "7"
    annotations:
      plk_markup_format: markdown
      plk_protocol_version: "1"
      plk_create_group_if_not_exists__d8_kube_dns_deprecated_resources: KubeDnsDeprecatedResources,tier=~tier,d8_module=kube-dns,d8_component=kube-dns
      plk_grouped_by__d8_kube_dns_deprecated_resources: KubeDnsDeprecatedResources,tier=~tier,d8_module=kube-dns,d8_component=kube-dns
      summary: Deprecated Service annotation found.
      description: |
        Replace deprecated Service annotation `service.alpha.kubernetes.io/tolerate-unready-endpoints` with `spec.publishNotReadyAddresses: true`.
        This installation is running a patched version of coredns that respects this annotation. This may change in the future.

        You can get the service with deprecated annotation with the following command:

            ```
            kubectl -n {{$labels.service_namespace}} get svc {{$labels.service_name}} -o yaml
            ```
